Category Archives: Secrecy

Quote of the day: Was NSA ‘hack’ an inside job?


The posting of a catalog offering the supersecret National Security Agency’s hacking tools has been blamed on Russia by the Obama administration, but America’s most respected journalist covering the NSA beat writes that rather than a Russia hack, the raid on the NSA’s family jewels was more likely an inside job.

From James Bamford, writing for Reuters:

Like a bank robber’s tool kit for breaking into a vault, cyber exploitation tools, with codenames like EPICBANANA and BUZZDIRECTION, are designed to break into computer systems and networks. Just as the bank robber hopes to find a crack in the vault that has never been discovered, hackers search for digital cracks, or “exploits,” in computer programs like Windows.

The most valuable are “zero day” exploits, meaning there have been zero days since Windows has discovered the “crack” in their programs. Through this crack, the hacker would be able to get into a system and exploit it, by stealing information, until the breach is eventually discovered and patched. According to the former NSA officials who viewed the Shadow Broker files, they contained a number of exploits, including zero-day exploits that the NSA often pays thousands of dollars for to private hacking groups.

The reasons given for laying the blame on Russia appear less convincing, however. “This is probably some Russian mind game, down to the bogus accent,” James A. Lewis, a computer expert at the Center for Strategic and International Studies, a Washington think tank, told the New York Times. Why the Russians would engage in such a mind game, he never explained.

Rather than the NSA hacking tools being snatched as a result of a sophisticated cyber operation by Russia or some other nation, it seems more likely that an employee stole them. Experts who have analyzed the files suspect that they date to October 2013, five months after Edward Snowden left his contractor position with the NSA and fled to Hong Kong carrying flash drives containing hundreds of thousands of pages of NSA documents.

So, if Snowden could not have stolen the hacking tools, there are indications that after he departed in May 2013, someone else did, possibly someone assigned to the agency’s highly sensitive Tailored Access Operations.

>snip<

[W]e now have entered a period many have warned about, when NSA’s cyber weapons could be stolen like loose nukes and used against us. It opens the door to criminal hackers, cyber anarchists and hostile foreign governments that can use the tools to gain access to thousands of computers in order to steal data, plant malware and cause chaos.

It’s one more reason why NSA may prove to be one of Washington’s greatest liabilities rather than assets.

Japan focuses on saving your privacy on the IoT


And what, pray tell, is the IoT?

It’s the Internet of Things, all those devices in your home with wireless connections to the Internet.

And to protect your privacy, only a Trumpian solution seems to work.

In other words, you’ll have to build a wall.

From the Yomiuri Shimbun:

BLOG Wall

More from the Yomiuri Shimbun:

In preparation for the spread of the internet of things [IoT], the Internal Affairs and Communications Ministry will develop a “protective wall” to safeguard home electronics connected to the internet from cyber-attacks, The Yomiuri Shimbun has learned.

There has been an increasing number of cases in which IoT devices at home are hacked and used as a base for cyber-attacks. The ministry plans to build a system, or protective wall, on the internet to prevent unauthorized operation of devices and stop them being infected with viruses, according to sources.

Development expenses totaling several hundred million yen will be incorporated in the second supplementary budget for fiscal 2016. In cooperation with electronics makers and telecommunications carriers, the ministry aims to put the system into practical use within a year or two.

It is difficult to improve the security of home electronics such as televisions, security cameras and routers by upgrading their software. While industrial IoT devices and personal computers are guarded with a protective wall or software, many consumer IoT devices are vulnerable to cyber-attacks.

The ministry plans to build a system on the internet in which access to all consumer IoT devices via the internet must go through a protective wall. Any unauthorized communication will be blocked. If there is a security problem with a consumer IoT device, a warning will be issued. The ministry aims to have the system protect existing IoT products as well.

Nuclear waste blast: Nation’s most costly mess


We begin with an excerpt from a 24 April 2014 post:

Valentine’s Day was anything but happy for workers at the at the Department of Energy’s New Mexico Waste Isolation Pilot Plant [WIPP] near Carlsbad Caverns. At 11:14 p.m., alarms shrieked warning of a radiation release from an exhaust vent moving air out of the underground storage facility.

Part of the waste stored in the interim facility [no permanent repository has yet been approved as each site, in turn, proved vulnerable to leaks] hailed from the nearby Lawrence Livermore National Laboratory, where University of California  scientists work with others to build next generation nuclear weaponry.

What happened that day was an explosion caused by [really] organic cat litter used to fill out drums containing deadly radioactive waste.

The blast and subsequent fire released plutonium, the deadliest substance on the planet, and reminded us that in our hubris, we have yet to devise safe ways of containing the products of the military/industrial. academic complex.

And now we’re discovering that the Valentine’s Day disaster [previously] is the most costly yet in the nation’s always-troubled nuclear program.

From the Los Angeles Times:

Energy Department officials declined to be interviewed about the incident but agreed to respond to written questions. The dump is operated by Nuclear Waste Partnership, which is led by the Los Angeles-based engineering firm AECOM. The company declined to comment.

Federal officials have set an ambitious goal to reopen the site for at least limited waste processing by the end of this year, but full operations can not resume until a new ventilation system is completed in about 2021.

The direct cost of the cleanup is now $640 million, based on a contract modification made last month with Nuclear Waste Partnership that increased the cost from $1.3 billion to nearly $2 billion. The cost-plus contract leaves open the possibility of even higher costs as repairs continue. And it does not include the complete replacement of the contaminated ventilation system or any future costs of operating the mine longer than originally planned.

An Energy Department spokesperson declined to address the cost issue but acknowledged that the dump would either have to stay open longer or find a way to handle more waste each year to make up for the shutdown. She said the contract modification gave the government the option to cut short the agreement with Nuclear Waste Partnership.

It costs about $200 million a year to operate the dump, so keeping it open an additional seven years could cost $1.4 billion. A top scientific expert on the dump concurred with that assessment.

Morales unveils the anti-School of the Americas


The School of the Americas [previously], rebranded as the Western Hemisphere Institute for Security Cooperation, is where the U.S. Army schools Latin American soldiers and police [more than 60,000 to date] on the fine art of suppressing dissidents and rebels.

Needless to say, most of those soldiers came from countries that allowed American corporations to exploit their resources, something those dissidents and rebels didn’t take kindly to.

Many of those soldiers participated in massacres, and some used their training to reach high ranks and even the presides of their countries. Two graduates founded Mexico’s notorious Los Zetas cartel.

And now Bolivia’s president has launched a new academy designed precisely to counter Washington’s agenda.

From teleSUR English:

Bolivian President Evo Morales opened Wednesday a new regional military defense school—a kind of anti-School of the Americas—which will offer courses on a wide range of subjects meant to counter the U.S. imperialist presence in the developing world, including the Theory of Imperialism, Geopolitics of Natural Resources and Bolivian Social Structures.

The new school, which will be based in the city of Santa Cruz in eastern Bolivia, and named after former President Juan Jose Torres. will have an initial enrollment of 100 students. Morales, a socialist and Bolivia’s first Indigenous president, has been a strong critic of US imperialism in Latin America, and throughout the world.

“Empires,” he said at Wednesday’s ceremony, “exhibit cultural racism because they do not believe in the popular sovereignty of the people.”

The Bolivian military academy is intended as a direct rebuttal to the infamous U.S. School of the Americas in Georgia , which provides military training to U.S. allies in Latin America, and whose graduates include a “Who’s Who” of Cold War era military figures who carried out some of the worst human rights abuses in Latin America.

Clinton Foundation may have been hacked, too


And if they were, we can’t wait to see what’s revealed.

From Reuters:

Bill and Hillary Clinton’s charitable foundation hired the security firm FireEye to examine its data systems after seeing indications they might have been hacked, according to two sources familiar with the matter.

So far, no message or document hacked from the New York-based Clinton Foundation has surfaced in public, the sources said.

One of the sources and two U.S. security officials said that like hackers who targeted the Democratic National Committee, Hillary Clinton’s presidential campaign and the Democrats’ congressional fundraising committee, the hackers appear to have used “spear phishing” techniques to gain access to the foundation’s network.

These techniques include creating bogus emails or websites in an effort to gain access to Clinton Foundation staffers’ emails and then to the foundation itself.

Headline of the day: What’s sauce for the goose


From the New York Times:

‘Shadow Brokers’ Leak Raises Alarming Question: Was the N.S.A. Hacked?

The release on websites this week of what appears to be top-secret computer code that the National Security Agency has used to break into the networks of foreign governments and other espionage targets has caused deep concern inside American intelligence agencies, raising the question of whether America’s own elite operatives have been hacked and their methods revealed.

Headline of the day: When spooks go very wrong


From the Intercept:

The Raid

  • In Bungled Spying Operation, NSA Targeted Pro-Democracy Campaigner
  • Tony Fullman is a middle-aged former tax man and a pro-democracy activist. But four years ago, a botched operation launched by New Zealand spies meant he suddenly found himself deemed a potential terrorist — his passport was revoked, his home was raided, and he was placed on a top-secret National Security Agency surveillance list.